PSA only supports byte-aligned RSA key sizes #9048
Labels
component-crypto
Crypto primitives and low-level interfaces
enhancement
size-s
Estimated task size: small (~2d)
Comments
gilles-peskine-arm
added
enhancement
component-crypto
gilles-peskine-arm
added a commit
to gilles-peskine-arm/mbedtls
that referenced
this issue
Apr 22, 2024
Work around Mbed-TLS#9048 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
added a commit
to gilles-peskine-arm/mbedtls
that referenced
this issue
Apr 22, 2024
Work around Mbed-TLS#9048 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
|
I'm prioritizing this as SHOULD for TF-PSA-Crypto 4.0 because if we don't do it, there's a loss of functionality (we can't handle RSA keys whose size is not a multiple of 8 any longer). But it's not a release blocker, since it can be a limitation that we lift in a subsequent minor release. |
github-project-automation
bot
moved this to Mbed TLS 4.0 SHOULD
in Backlog for Mbed TLS
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The PSA subsystem only supports RSA keys whose size is a multiple of 8 bits, i.e.
bits % 8 == 0. Other sizes are rejected at key creation time.I remember users indicating that they wanted to support arbitrary modulus sizes, so this is something we should fix in 4.0. The low-level RSA module supports arbitrary modulus sizes, and this is tested. (Exception: key generation only supports key sizes that are a multiple of 2.)
Historically, this limitation in PSA was solely due to an implementation difficulty because PSA was built on top of pk which had a buggy
mbedtls_pk_get_bitlenfunction. The buggymbedtls_pk_get_bitlenis fixed in 3.6.0 and no longer relevant anyway, so we can lift the PSA limitation. We just need to review the code to check for assumptions that byte-length = 8 × bit-length, and make sure we have adequate tests.The text was updated successfully, but these errors were encountered: